Information Security News
A reader, Greg, wrote in with a query on another internet scanning project. He checked out the IP address and it led to a web site, www[.]internetscanningproject.org, which states:
"Hello! You've reached the Internet Scanning Project.
We're computer security researchers performing periodic Internet-wide health assessments.
If you reached this site because of activity you observed on your network:
We apologize for any concern caused by our network activity. We are not specifically targeting your network.
We have not attempted to unlawfully access or abuse your network in any way. We are exclusively accessing publicly available servers, we respect all authentication barriers, and (as you can see) we have made no attempt to hide our activity.
This effort is part of a research project in which we are engaged in with view to possibly contributing to public Internet health datasets. We believe research of this sort is both legal and beneficial to the security of the Internet as a whole.
However, if you wish to be excluded from our scanning efforts after reading the clarifying information below, please email us with IP addresses or CIDR blocks to be added to our blacklist."
It does not provide any information or assurances that this is a legitimate research project and I wouldn't want to be sending information to unknown people via an unattributable web site. The normal low level open source searching doesn't reveal anything of use or attribution either. It does, however, bring up a fair number of hits from people asking what these scans are and the best way to block them.
It appears this scanning has been running for a couple of weeks and has been using multiple IP addresses (see https://isc.sans.edu/topips.txt for some examples). A curious point, for a "legitimate" scan, is that they have started changing the User Agent frequently and in some cases to some very odd nonsensical strings. The core scans are against TCP ports 21, 22 and 443 and the 443 scans may trigger alerts for probing on the Heartbleed bug.
Chris Mohan --- Internet Storm Center Handler on Duty
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
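For readers who want to check their own logs for the pattern the diary describes (one source probing TCP 21, 22 and 443, and changing its User Agent often), here is an added example that is not part of the original diary. The comma-separated log format, the sample records and the `UA_THRESHOLD` cut-off are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records (not real traffic): time, source IP, destination port, User-Agent.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2014-07-25T01:00:01,192.0.2.10,21,
2014-07-25T01:00:02,192.0.2.10,22,
2014-07-25T01:00:03,192.0.2.10,443,Mozilla/5.0
2014-07-25T01:05:03,192.0.2.10,443,xkq zzv 11
2014-07-25T01:09:44,192.0.2.10,443,research-scan
2014-07-25T01:10:00,198.51.100.7,443,Mozilla/5.0
2014-07-25T01:10:05,198.51.100.7,443,Mozilla/5.0
2014-07-25T01:12:00,203.0.113.5,22,
2014-07-25T01:12:09,203.0.113.5,21,
"""

SCAN_PORTS = {21, 22, 443}   # ports named in the diary
UA_THRESHOLD = 3             # assumed cut-off for "changing the User Agent frequently"


def summarize(log_text):
    """Return {src_ip: (ports_seen, distinct_user_agents)} for the log."""
    ports = defaultdict(set)
    agents = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines
        _, src, dport, ua = row
        if not dport.isdigit():
            continue
        ports[src].add(int(dport))
        if ua.strip():
            agents[src].add(ua.strip())
    return {src: (ports[src], agents[src]) for src in ports}


def flag_sources(log_text):
    """Sources that touched every scan port, plus whether they rotate User-Agents."""
    flagged = {}
    for src, (seen, uas) in summarize(log_text).items():
        if SCAN_PORTS <= seen:
            flagged[src] = {"rotating_ua": len(uas) >= UA_THRESHOLD, "agents": sorted(uas)}
    return flagged


if __name__ == "__main__":
    for src, info in flag_sources(SAMPLE_LOG).items():
        print(src, info)
```

Sources flagged this way are candidates for a closer look or a block rule; a source that only touches 443 with a single User Agent is left alone.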
by Sean Gallagher
The Russian Ministry of Internal Affairs (MVD) has offered a 3.9 million ruble (approximately $111,000) contract for technology that can identify the users of Tor, the encrypted anonymizing network used by Internet users seeking to hide their activities from monitoring by law enforcement, government censors, and others.
In a notice on the Russian government’s procurement portal under the title “Perform research, code ‘TOR’ (Navy),” originally posted on July 11, the MVD announced it was seeking proposals for researchers to “study the possibility of obtaining technical information about users and users equipment on the Tor anonymous network.” The competition, which is open only to Russian citizens and companies, requires entrants to pay a 195,000 ruble (approximately $5,555) application fee. Proposals are due by August 13, and a winner of the contract will be chosen by August 20.
The MVD had previously sought to ban the use of any anonymizing software. That proposal was dropped last year. However, a new “blogger law” passed in April, which goes into effect in August, requires all bloggers with an audience of over 3,000 readers to register their identity with the government—and enforcement of the law could be made difficult if bloggers use the Tor network to retain their anonymity.
Posted by InfoSec News on Jul 25: http://www.defenseone.com/technology/2014/07/cia-fears-internet-things/89660/
Posted by InfoSec News on Jul 25: http://www.jpost.com/Defense/Israel-to-intensify-cyber-security-as-end-of-Ramadan-approaches-368891
Posted by InfoSec News on Jul 25: http://www.nation.co.ke/oped/Opinion/technology-we-need-to-find-ways-to-deal-with-risks--/-/440808/2396320/-/3jknwt/-/index.html
Posted by InfoSec News on Jul 25: http://www.itpro.co.uk/security/22771/hackers-hit-the-european-central-bank
Posted by InfoSec News on Jul 25: http://healthitsecurity.com/2014/07/24/how-healthcare-can-learn-from-retails-it-security-mistakes/
-- Bojan INFIGO IS